Security

Data in transit and at rest

All traffic between your browser and TideCRE is encrypted over HTTPS/TLS. Uploaded documents are stored in private cloud storage that is not publicly accessible, and your account and deal data are held in a managed PostgreSQL database.

Authentication

Accounts and login are managed by Clerk, a dedicated identity provider. We never store your password ourselves.

Access and isolation

Your saved deals are scoped to your account and are not visible to other users. Uploaded documents and the data extracted from them are not shared between users.

Subprocessors

We rely on a small set of established infrastructure providers, each handling data under contract:

• Anthropic — AI document processing (your inputs are not used for model training).
• Clerk — authentication.
• Stripe — payment processing (PCI-compliant; we never handle full card numbers).
• Vercel — hosting and private file storage.
• Neon — database hosting.

Payments

Card data is handled entirely by Stripe via its hosted checkout. Sensitive payment details never reach TideCRE's servers.

Reporting a vulnerability

If you believe you've found a security issue, we want to hear from you. Please email support@tidecre.com with details, and give us a reasonable chance to address it before public disclosure. We appreciate responsible reporting.